Skip conda/Miniconda/Miniforge download and install when a conda installation is already present; add pixi to all provisioning scripts

[Copilot]

Improve provisioning scripts by skipping conda/Miniconda/Miniforge download and install when an existing conda installation is already detected, and add pixi to all three platform provisioning scripts with supply-chain-safe installation.

Changes Made

Conda detection (all platforms)

• Ubuntu (provision-ubuntu.sh): install_miniconda_user() scans ~/miniconda3, ~/miniforge3, ~/anaconda3, and /opt/conda for an existing conda binary before downloading; resolves conda_bin via ${existing_conda:-$prefix/bin/conda}.
• macOS (provision-macos.sh): Miniforge block scans five common macOS paths plus type -P conda; falls back to $MINIFORGE_PREFIX/bin/conda only when no existing installation is found.
• Windows (provision-win.ps1): Checks eight common condabin\conda.bat candidate paths plus Get-Command conda before invoking the installer; reuses the discovered path as $condaBat for all subsequent config/init calls.

In all cases, conda config (channel priority) and conda init (shell integration) still run against the discovered binary.

pixi installation (all platforms)

All pixi installers download the binary directly from GitHub Releases and verify its SHA-256 checksum against the published SHA256SUMS file before installation, eliminating the supply-chain risk of executing a remote script.

• Ubuntu (provision-ubuntu.sh): install_pixi_user() function downloads the versioned pixi-{arch}.tar.gz (supports x86_64 and aarch64), verifies SHA-256, and installs to ~/.pixi/bin. Accepts a --pixi-version=X.Y.Z flag; defaults to the latest GitHub release when omitted.
• macOS (provision-macos.sh): Installs pixi via Homebrew (brew_install pixi).
• Windows (provision-win.ps1): Install-Pixi function downloads pixi-x86_64-pc-windows-msvc.zip, verifies SHA-256, and extracts to ~\.pixi\bin. Accepts a -PixiVersion parameter for pinning (e.g. -PixiVersion 0.44.0); defaults to the latest GitHub release when omitted.

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[volpatto]

Oh, it was a good experiment. So this is how good Copilot can be! Fair enough.

[volpatto]

LGTM.

[Copilot]

Pull request overview

Updates the OS provisioning scripts to avoid reinstalling Miniconda/Miniforge when an existing conda installation is already present, while still applying conda configuration/init steps.

Changes:

• Add “existing conda” detection on Ubuntu/macOS/Windows to skip the download/install step when possible.
• Add installation of additional developer tools (e.g., flex/bison) and introduce pixi installation steps.
• Add installation of a broad scientific/HPC library set on Ubuntu and macOS.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 11 comments.

File	Description
scripts/provision-ubuntu.sh	Detect existing conda before installing Miniconda; adds HPC libraries and user-level pixi install + verification/summary updates.
scripts/provision-macos.sh	Detect existing conda (including PATH) before installing Miniforge; adds pixi + HPC libraries and updates final tool summary.
scripts/provision-win.ps1	Detect existing conda before installing Miniconda; adds winflexbison and installs pixi via remote script.

Comments suppressed due to low confidence (1)

scripts/provision-win.ps1:230

• The existing-conda short-circuit ignores -ForceReinstallMiniconda: if any conda is found on disk or PATH, the script will skip installation even when the user explicitly requested a reinstall at $MinicondaInstallDir. Consider bypassing/limiting the existing-conde check when ForceReinstallMiniconda is true, and update the surrounding status messages so the output doesn’t say “Installing/installed Miniconda” when an existing conda was reused.

if ($existingConda) {
  Write-Host "Conda already found at $existingConda — skipping Miniconda download/install."
} elseif ($MinicondaUseDirectInstaller) {
  if ($MinicondaInstallDir -match '\s') {
    throw "MinicondaInstallDir contains spaces. NSIS '/D=' cannot be quoted reliably. Use a path without spaces (e.g., C:\tools\miniconda3)."
  }
  Install-Miniconda-Direct -InstallDir $MinicondaInstallDir -ForceReinstall:$ForceReinstallMiniconda
} else {

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Installing the full scientific/HPC stack unconditionally (gcc, MPI, HDF5, mumps, scotch, etc.) will substantially increase runtime/disk usage and can introduce long build times (e.g., gcc/mumps). Consider making this optional (flag/profile) or grouping into a separate opt-in section to reduce operational impact for typical dev setups.

[Copilot]

Installing the full scientific/HPC dependency set by default can significantly increase provisioning time and may pull in large transitive dependencies. Consider making this optional (e.g., --install-hpc-libs) or only enabling it for a dedicated profile to reduce operational impact.

Suggested change

	log "Installing scientific/HPC libraries..."
	DEBIAN_FRONTEND=noninteractive apt-get install -y \
	libopenblas-dev libopenmpi-dev \
	libfftw3-dev libfftw3-mpi-dev \
	libhwloc-dev libhdf5-mpi-dev \
	libmumps-ptscotch-dev libmetis-dev \
	libnetcdf-dev libpnetcdf-dev \
	libptscotch-dev libscalapack-openmpi-dev \
	libsuitesparse-dev libsuperlu-dev libsuperlu-dist-dev
	if [ "${INSTALL_HPC_LIBS:-true}" = "true" ]; then
	log "Installing scientific/HPC libraries (INSTALL_HPC_LIBS=${INSTALL_HPC_LIBS:-true})..."
	DEBIAN_FRONTEND=noninteractive apt-get install -y \
	libopenblas-dev libopenmpi-dev \
	libfftw3-dev libfftw3-mpi-dev \
	libhwloc-dev libhdf5-mpi-dev \
	libmumps-ptscotch-dev libmetis-dev \
	libnetcdf-dev libpnetcdf-dev \
	libptscotch-dev libscalapack-openmpi-dev \
	libsuitesparse-dev libsuperlu-dev libsuperlu-dist-dev
	else
	log "Skipping scientific/HPC libraries (INSTALL_HPC_LIBS=${INSTALL_HPC_LIBS:-false})."
	fi

[Copilot]

This PR adds installation of a large set of scientific/HPC packages on macOS (OpenBLAS/OpenMPI/HDF5/MUMPS/etc.) unconditionally. This is a significant behavior change and isn’t mentioned in the PR description/title; if intentional, please document it there and/or gate it behind a flag/profile so the default provisioning remains lightweight.

[Copilot]

This PR introduces installation of many scientific/HPC libraries (OpenBLAS/OpenMPI/HDF5/MUMPS/etc.) on Ubuntu unconditionally, which is a substantial behavior change beyond the stated goal of skipping conda installs. If this is intended, please update the PR description and consider gating it behind a flag/profile to avoid unexpectedly long apt installs for minimal setups.

[Copilot]

The summary always prints Miniconda for $TARGET_USER: $TARGET_HOME/miniconda3, but the script may now reuse an existing conda from ~/miniforge3, ~/anaconda3, or /opt/conda. Consider tracking the actual conda_bin/prefix used and reporting that to avoid misleading output.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/prefix-dev/pixi/releases/latest
  • Triggering command: /usr/bin/curl curl -fsSL REDACTED (http block)
  • Triggering command: /usr/bin/curl curl -v REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)